Malicious PDF — malware analysis report

Static analysis result for SHA-256 8d936efce55ab5c5…

MALICIOUS

PDF

Size: 42.2 KB
Created: 2018-12-15 20:11:21 +03:00
Authoring application: QuarkXPress™: LaserWriter 8 8.5.1 (via Acrobat Distiller 3.01 for Power Macintosh)
MD5: 138d7ac9f15a205eb836497c0418ea44
SHA-1: f3934509ef5e1e85b8b84b20905effb477bd0c50
SHA-256: 8d936efce55ab5c5b598df8815eb1e6b18aaf965723b22d6e4d090c78f22e389
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged by a machine learning classifier as malicious. It contains a large number of embedded URLs pointing to external PDF files, a technique often used for SEO manipulation or to distribute further malicious content. The primary heuristic indicates a 'PDF_SEO_LINK_FARM', suggesting the document's purpose is to generate traffic or host links to other resources, potentially malicious ones.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8469

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.